Discussion:
Need to revert openldap-server to 2.57
Per olof Ljungmark
2021-06-07 09:47:57 UTC
Permalink
A bit urgent...

After updating to openldap-server 2.59 slapd refuses to start, how can I
revert to 2.57 with ports and git while troubleshooting the update?

Thanks,
Per
Philip Paeps
2021-06-07 10:11:10 UTC
Permalink
Post by Per olof Ljungmark
A bit urgent...
After updating to openldap-server 2.59 slapd refuses to start, how can
I revert to 2.57 with ports and git while troubleshooting the update?
You're probably running into the same issue I ran into this weekend when
I upgraded the FreeBSD.org cluster's ldap-master.

The problem we had that openldap24-server since 2.4.58_2 wants to build
all overlays as modules. We use the syncprov module in our
configuration for replication. That by itself isn't too exciting ...
except that we also store the configuration inside LDAP.

I rebuilt openldap24-server without DYNAMIC_MODULES and with SYNCPROV.
That didn't work either because we expect the mdb backend to be loaded
as a module. Second try: with DYNAMIC_BACKENDS, without
DYNAMIC_MODULES, with SYNCPROV. That worked.

Give that a go.

Meanwhile, if you have to downgrade, you can always do a pkg install
/var/db/pkg/openldap-version-that-worked.

Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
Philip Paeps
2021-06-07 10:29:22 UTC
Permalink
Post by Philip Paeps
Post by Per olof Ljungmark
A bit urgent...
After updating to openldap-server 2.59 slapd refuses to start, how
can I revert to 2.57 with ports and git while troubleshooting the
update?
You're probably running into the same issue I ran into this weekend
when I upgraded the FreeBSD.org cluster's ldap-master.
The problem we had that openldap24-server since 2.4.58_2 wants to
build all overlays as modules. We use the syncprov module in our
configuration for replication. That by itself isn't too exciting ...
except that we also store the configuration inside LDAP.
I rebuilt openldap24-server without DYNAMIC_MODULES and with SYNCPROV.
That didn't work either because we expect the mdb backend to be
loaded as a module. Second try: with DYNAMIC_BACKENDS, without
DYNAMIC_MODULES, with SYNCPROV. That worked.
Give that a go.
Meanwhile, if you have to downgrade, you can always do a pkg install
/var/db/pkg/openldap-version-that-worked.
See also the note in openldap24-server pkg-message delphij added earlier
today. That may help!

https://cgit.freebsd.org/ports/commit/net/openldap24-server/files/pkg-message.in?id=42cf9fac0b9265617db78500e19e8f2e5a08b8d4

Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
Per olof Ljungmark
2021-06-07 10:32:18 UTC
Permalink
Post by Philip Paeps
Post by Per olof Ljungmark
A bit urgent...
After updating to openldap-server 2.59 slapd refuses to start, how can
I revert to 2.57 with ports and git while troubleshooting the update?
You're probably running into the same issue I ran into this weekend when
I upgraded the FreeBSD.org cluster's ldap-master.
The problem we had that openldap24-server since 2.4.58_2 wants to build
all overlays as modules.  We use the syncprov module in our
configuration for replication.  That by itself isn't too exciting ...
except that we also store the configuration inside LDAP.
I rebuilt openldap24-server without DYNAMIC_MODULES and with SYNCPROV.
That didn't work either because we expect the mdb backend to be loaded
as a module.  Second try: with DYNAMIC_BACKENDS, without
DYNAMIC_MODULES, with SYNCPROV.  That worked.
Give that a go.
Meanwhile, if you have to downgrade, you can always do a pkg install
/var/db/pkg/openldap-version-that-worked.
Philip
Well thanks a lot! But then, why DYNAMIC_BACKENDS marked as DEPRECATED?

Anyway, thanks again, saved my day.

Per
Philip Paeps
2021-06-07 10:50:26 UTC
Permalink
Post by Per olof Ljungmark
Post by Philip Paeps
Post by Per olof Ljungmark
A bit urgent...
After updating to openldap-server 2.59 slapd refuses to start, how
can I revert to 2.57 with ports and git while troubleshooting the
update?
You're probably running into the same issue I ran into this weekend
when I upgraded the FreeBSD.org cluster's ldap-master.
The problem we had that openldap24-server since 2.4.58_2 wants to
build all overlays as modules.  We use the syncprov module in our
configuration for replication.  That by itself isn't too exciting
... except that we also store the configuration inside LDAP.
I rebuilt openldap24-server without DYNAMIC_MODULES and with
SYNCPROV. That didn't work either because we expect the mdb backend
to be loaded as a module.  Second try: with DYNAMIC_BACKENDS,
without DYNAMIC_MODULES, with SYNCPROV.  That worked.
Give that a go.
Meanwhile, if you have to downgrade, you can always do a pkg install
/var/db/pkg/openldap-version-that-worked.
Well thanks a lot! But then, why DYNAMIC_BACKENDS marked as
DEPRECATED?
Anyway, thanks again, saved my day.
As I understand it, DYNAMIC_BACKENDS predates DYNAMIC_MODULES and is a
subset of it. With DYNAMIC_BACKENDS, you only build the backends as
modules but you compile in the overlays. With DYNAMIC_MODULES, both the
backends and the overlays are built as modules.

Going from the configuration we (and possibly you?) have to
DYNAMIC_MODULES may be a little bit interesting though. To modify the
configuration to dynamically load the overlay, we'll have to be running
a slapd with the overlay statically built in. And we'll need to do this
a little bit carefully because the replicas also replicate the config.

For now I will keep DYNAMIC_BACKENDS but leave DYNAMIC_MODULES off.
It's a little ... disruptive ... when LDAP goes down. :)

Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
Loading...